package cn.net.dckj.framework.config;

import cn.net.dckj.common.utils.StringUtils;
import cn.net.dckj.common.xss.XssFilter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

/**
 * Filter配置
 *
 * @author dckj
 */
@Configuration
public class FilterConfig {
    @Value("${xss.enabled}")
    private String enabled;

    @Value("${xss.excludes}")
    private String excludes;

    @Value("${xss.urlPatterns}")
    private String urlPatterns;

    @SuppressWarnings({"rawtypes", "unchecked"})
    @Bean
    public FilterRegistrationBean xssFilterRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setDispatcherTypes(DispatcherType.REQUEST);
        registration.setFilter(new XssFilter());
        registration.addUrlPatterns(StringUtils.split(urlPatterns, ","));
        registration.setName("xssFilter");
        registration.setOrder(Integer.MAX_VALUE);
        Map<String, String> initParameters = new HashMap<String, String>();
        initParameters.put("excludes", excludes);
        initParameters.put("enabled", enabled);
        registration.setInitParameters(initParameters);
        return registration;
    }

    @Bean
    public FilterRegistrationBean crossFilterRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();

        Filter filter = new Filter() {
            @Override
            public void doFilter(ServletRequest request, ServletResponse response,
                                 FilterChain chain) throws IOException, ServletException {
                HttpServletResponse httpServletResponse = (HttpServletResponse) response;
                HttpServletRequest httpServletRequest = (HttpServletRequest) request;

                httpServletResponse.setHeader("Access-Control-Allow-Headers", "Content-Type,JSESSIONID,device");
                httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");

                if (httpServletRequest.getHeader("Origin") != null)
                    httpServletResponse.setHeader("Access-Control-Allow-Origin", httpServletRequest.getHeader("Origin"));

                httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
                httpServletResponse.setHeader("Access-Control-Allow-Methods", "OPTIONS, TRACE, GET, HEAD, POST, PUT, DELETE");
                httpServletResponse.setHeader("Access-Control-Max-Age", "1800");

                if (httpServletRequest.getMethod().equals("OPTIONS")) {
                    httpServletResponse.setStatus(200);
                    return;
                }

                chain.doFilter(request, response);
            }
        };
        registration.setFilter(filter);
        registration.addUrlPatterns(StringUtils.split("", ""));
        registration.setName("crossFilter");
        registration.setOrder(1);

        return registration;
    }
}
